
Bypassing specific IP address from the IP is a blacklisted violation

nitratic
Cirrostratus

Hello,

I'm quite new to iRules and am currently trying to bypass a specific IP address from the IP is a blacklisted violation (the IP intelligence service is enabled and I want to bypass this specific violation).


I've enabled XFF on the HTTP profile and there are certain IPs that I need to bypass this violation.

<Attached is the report of the violation >


Since there is a list of a specific range of IP addresses to bypass this violation, I've created a data group list for it. But I am a little skeptical about the use of the data group list (class) in the HTTP_REQUEST event, as I've enabled XFF and it is the IPs in the XFF header that are required to bypass that violation.


In the iRule section:

  • I need to first inspect the request and get the [HTTP::header values "X-Forwarded-For"] values in replacement of [IP::client_addr]
  • If possible, compare with the data group list I created, consisting of the list of allowed IP addresses
  • If the IP address matches the data group list, then just bypass the IP violation.


I'm just trying to figure out whether something like the below command will perform the required task.

when HTTP_REQUEST {
    # [HTTP::header values "X-Forwarded-For"] in replacement of [IP::client_addr]
    set ip_reputation_categories [IP::reputation [IP::client_addr]]
    if { [class match [IP::client_addr] equals CLASS] } {
        # Compares the data group list IP and if the requesting IP is present then bypass IP violation
    } else {
        # Implement IP violation on it
    }
}



Thanks,

Nitratic.

1 REPLY

Hi @nitratic 

You may find this iRule of use: "IP intelligence (reputation) blocking with whitelist support", which is over on the Clouddocs site. I haven't tested it but it claims to still perform blocking by categories as well as allowing a bypass for IPs that have a blocked reputation category. It may need some light modification if you are using non-default partitions.

Thanks,
Josh
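
An added example, not part of the original thread and not the Clouddocs iRule mentioned in the reply: one way to do reputation blocking with an allowlist inside an iRule when the client address arrives in X-Forwarded-For. The data group names trusted_proxies_dg and ipi_bypass_dg are hypothetical. It assumes a single trusted proxy that appends the client address as the last XFF element, blocks on any reputation category, and does not change how ASM raises its own violation.

```tcl
# Added example. Assumed (hypothetical) address-type data groups:
#   trusted_proxies_dg - upstream proxies allowed to supply X-Forwarded-For
#   ipi_bypass_dg      - addresses exempt from the reputation check
when HTTP_REQUEST {
    # Start from the TCP peer address, which the client cannot forge.
    set src_ip [IP::client_addr]

    # X-Forwarded-For is client-supplied text, so honour it only when the
    # connection itself comes from a proxy we operate or trust.
    if { [class match $src_ip equals trusted_proxies_dg] &&
         [HTTP::header exists "X-Forwarded-For"] } {
        # Several XFF headers may be present, each holding a comma list.
        # Flatten them; the last element is the one our proxy appended.
        set hops [split [join [HTTP::header values "X-Forwarded-For"] ","] ","]
        set candidate [string trim [lindex $hops end]]

        # Accept the value only if it parses as an IPv4 address
        # (IP::addr raises an error on malformed input). Extend for IPv6.
        if { ![catch { IP::addr $candidate mask 255.255.255.255 }] } {
            set src_ip $candidate
        }
    }

    # Allowlisted sources skip the reputation check entirely.
    if { [class match $src_ip equals ipi_bypass_dg] } {
        return
    }

    # Everyone else is looked up in the IP intelligence database.
    set ip_reputation_categories [IP::reputation $src_ip]
    if { [llength $ip_reputation_categories] > 0 } {
        log local0. "IPI block: $src_ip categories=$ip_reputation_categories"
        HTTP::respond 403 content "Forbidden"
    }
}
```

Taking the last XFF element rather than the first matters here: anything to the left of it was present before the trusted proxy handled the request and could have been set by the sender to match an allowlisted address.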